"Paul D. Robertson" wrote:
>
> I think it depends heavily on what you consider a threat to be.

Yeah, although, to me, it's really all a moot point; I was just
being curious.

To me, internal segmentation and sound application of the principle
of least privilege always make sense, even in cases where you trust
"everyone" implicitly.

When trying to explain internal firewalling to less-clued people, I
usually go about it by drawing a parallel to ships with transverse
water-tight bulkheads. Spring a leak in one or two places and it
won't sink the entire ship.

But, then again, there's always the Titanic parallel -- not all
bulkheads go all the way. Especially with everyone trying to tie their
entire organization to things like MS Active Directory or Novell NDS,
things tend to go south very rapidly -- there's just no such thing as
effective firewalling and segmentation when those things enter
the picture. *sigh* <starts imagining conspiracy theories designed
to make segmentation impossible>

--
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50 WWW: http://www.clavister.com
_______________________________________________
Firewalls mailing list